[SIGNALS WEEKLY] Control Planes, Stealers, and Emerging AI-Tool Abuse

The control plane blinked. Management surfaces are still getting treated like furniture.

Share
[SIGNALS WEEKLY] Control Planes, Stealers, and Emerging AI-Tool Abuse
The attackers would like to thank the management interface for its years of quiet service.

TL;DR

  • [Vulnerabilities] Attackers are prioritizing internet-exposed control planes (e.g., Cisco Catalyst SD‑WAN Manager CVE-2026-20245), with multiple new CISA KEVs reinforcing management-surface exploitation as a primary initial access vector.
  • [eCrime / Intrusion Sets] Stealer ecosystems (StealC, Amadey) continue to fuel access brokering and “legit login” intrusions, while Turla expands its espionage toolkit (STOCKSTAY) and targeted campaigns (e.g., photo-themed hospitality lures) refine multi-stage, fileless-ish tradecraft.
  • [AI & Influence Ops] Adversaries are starting to abuse AI-agent tool chains (MCP tool poisoning) and AI branding (malicious Chromium extensions), while pro-Russia influence operations increasingly fuse IO, hacktivism, and cyber incidents to amplify strategic impact.

Current Stories

TL;DR

  • [Vulnerabilities/Trend] Control-plane exploitation is staying hot. Active use of Cisco Catalyst SD‑WAN Manager (CVE-2026-20245) and new CISA KEV adds reinforce sustained targeting of management surfaces.

  • [eCrime/Infostealers] Stealer-driven credential theft continues to seed downstream intrusions. Disruptions hit StealC/Amadey infrastructure, but the credential→token→access-broker pipeline remains resilient.

  • [Threat Actors] Turla continues to modernize its espionage stack. The “STOCKSTAY” .NET backdoor has been used against Ukraine and European foreign-policy-aligned targets since at least 2022.

  • [Intrusion Campaigns] A hospitality-targeted lure chain uses photo-themed ZIPs with fake PNG LNKs. It leads to obfuscated PowerShell, a Node.js implant, and registry-based persistence.

  • [Geopolitics/Influence Ops] Pro-Russia influence operations are assessed to be broadening beyond Ukraine-first narratives. Generative AI and scaled hacktivism appear to be key force multipliers.

References

Emerging Stories

TL;DR

  • [AI Security] Attackers can poison AI-agent tools by manipulating Model Context Protocol (MCP) tool metadata. The payoff is stealthy data exposure through “approved” integrations.

  • [Social Engineering] AI brand impersonation is showing up in malicious browser extensions. A spoofed Perplexity-themed Chromium extension intercepted omnibox searches before redirecting users.

References


Forecasts

TL;DR

  • Control-plane exploitation will keep driving rapid-impact compromises. Attackers will prioritize internet-reachable management software and “IT glue” systems.